General

  • Target

    config.exe

  • Size

    1.6MB

  • Sample

    240217-z616baah2z

  • MD5

    ece5495a1956228ba3276086354ad0c2

  • SHA1

    40fa1924abfb8b13678ade0f9adbd994ec0e2245

  • SHA256

    e917a7aa5587a518957f8da2418fbbb280039b2cf744ea13b9c12f97d1ef1043

  • SHA512

    5a45ae674a20ce951bd98a8fa2a40eabafaa046e8d2e071c20fdee4239e4e0580d9634bc3763702a7a74c764764f3a28224d0204596324fd81cf62e2343c4fd8

  • SSDEEP

    49152:XkTq24GjdGSiqkqXfd+/9AqYanieKdsQ:X1EjdGSiqkqXf0FLYW

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1206537753861300226/aKKiWFDpIciLDqtRZYtciysxc_ZV_-eGjjurDiNwehAaG91ri8fAXShRnO-X2Q1xcSAo

Targets

    • Target

      config.exe

    • Size

      1.6MB

    • MD5

      ece5495a1956228ba3276086354ad0c2

    • SHA1

      40fa1924abfb8b13678ade0f9adbd994ec0e2245

    • SHA256

      e917a7aa5587a518957f8da2418fbbb280039b2cf744ea13b9c12f97d1ef1043

    • SHA512

      5a45ae674a20ce951bd98a8fa2a40eabafaa046e8d2e071c20fdee4239e4e0580d9634bc3763702a7a74c764764f3a28224d0204596324fd81cf62e2343c4fd8

    • SSDEEP

      49152:XkTq24GjdGSiqkqXfd+/9AqYanieKdsQ:X1EjdGSiqkqXf0FLYW

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks